The December 2019 release of Apache Kafka 2.4.0 saw usability improvements in TopologyTestDriver, with the addition of new TestInputTopic and TestOutputTopic classes.
These offer typesafe methods to easily produce and consume messages for your Kafka Streams tests.
In this post we’ll explore these new classes in the context of Avro messages, which requires a small trick to get working.
In a previous post we learned about callouts in Asciidoctor to add explanation to source code. While surfing the Internet I came upon the following blog post by Alex Soto: Auto-numbered Callouts in Asciidoctor. I turns out that since Asciidoctor 1.5.8 we can use a dot (.) instead of explicit numbers to have automatic increasing numbering for the callouts.
Let’s take our example from the earlier blog post and now use auto numbered callouts:
When using Springfox you can annotate your endpoints to automatically generate OpenAPI docs for your clients.
This blogpost will show how you can prevent Springfox generating a model on an endpoint with ResponseEntity as return type.
I’ll also cover how to prevent generating default responses.
Take an endpoint like below.
You want to return ResponseEntity because you want control over the status and body which is returned within your endpoint code.
Now your generated OpenAPI doc contains responses with a $ref to ResponseEntity.
Springfox will also generate default responses for 201, 202, 400, 401, 403, 404, which you may never need.
ResponseEntity (it is quite long)Adding Spring Security to an existing application can be quite a daunting prospect. Merely adding the required dependencies to your project sets off a chain of events which can break your application and tests.
Maybe you’re suddenly shown a login prompt which expects a generated password logged on startup.
Maybe your tests now get the dreaded 401 Unauthorized, or a subsequently a 403 Forbidden.
Maybe you get a ClassCastException when trying to use your Authentication#getPrincipal().
Either way, this post is here to help!
In a previous post I’ve shown how to use ZIO environments to provide your program with dependencies, or modules. While using environments at the customer I’m currently working for, we found out that the logic to get a database session object using a module would run over and again. This makes sense, since a ZIO[R, E, A] is a prescribed way of getting an A, and the result is not cached. Our application was reading configuration files and creating SQL sessions on every module call, while the resulting object was obviously constructed from the same underlying values. There are multiple ways to solve this:
Creating the singleton objects before running you application logic.
Caching the result of the loading code in a reference.
In this post I’ve chosen the latter, because I wanted to show the use of ZIO’s Ref. Also, I like how semantically the desired data and the logic of retrieving it belong together.
When combined with Spring Security 5.2+ and an OpenID Provider such as Keycloak, one can rapidly setup and secure Spring Cloud Gateway for OAuth2 resource servers.
Spring Cloud Gateway aims to provide a simple, yet effective way to route to APIs and provide cross cutting concerns to them such as: security, monitoring/metrics, and resiliency.
We consider this combination a promising standards-based gateway solution, with desirable characteristics such as hiding tokens from the client, while keeping complexity to a minimum.
This is an overview of some optimization techniques used by Hotspot JVM to increase performance. I will start by giving a small example of how I ran into these optimizations while writing a naive benchmark. Each optimization is then explained with a short example and ends with some pointers on how to analyze your own code.
You might have a need for a custom access decision voter when security decisions are made based on who is accessing what domain object. Luckily Spring Security has quite a few options for such implement such access control list (ACL) constraints.
This post is part of a series of blog posts on Spring Security; the code can be found on GitHub.
ZIO is a type-safe, composable library for asynchronous and concurrent programming in Scala (from: The ZIO github). The library copes with functional IO, like many Functional Programming libraries do. The added value of ZIO is that the ZIO[R, E, A] type-constructor
(the main IO monad of the library) acts as an IO monad, an error handling monad, and a reader monad. A functional programming style often needs a combination of these three types to cope with the most common problems when creating an application:
performing side effects (getting the A)
coping with errors (handling E)
supplying dependencies (providing R)
This blogpost will show you how to cope with the R part of a ZIO[R, E, A]: the Environment
Often you’ll find access decisions move beyond simplistic ownership or having a certain role, for instance when users share domain objects with other users. In such cases it’s common to separate permission to view an instance from being able to make changes to the same instance. When your access rules are relatively straightforward, Spring Security offers the PermissionEvaluator interface to secure instance access.
This post is part of a series of blog posts on Spring Security; the code can be found on GitHub.
ZIO is a type-safe, composable library for asynchronous and concurrent programming in Scala (from: The ZIO github). The ZIO framework provides your program as immutable and pure values, which are very simple to properly unit test. But how can you run an integration test to see if your application starts up properly?
Spring Data repositories allow you to easily query your entities with method names such as findByUserName(String name).
However, it can get cumbersome to always retrieve, pass and match on the active user.
Luckily Spring Security integrates well with Spring Data to minimize the overhead.
This post is part of a series of blog posts on Spring Security; the code can be found on GitHub.
